Posted
by
timothy
on Friday July 25, 2008 @03:56PM
from the it-has-an-excellent-license-after-all dept.

gbjbaanb writes "Ars Technica reports that Microsoft is to sponsor the Apache Foundation to the tune of $100k. From the article: 'I asked him if this could possibly be the beginning of a broader initiative by Microsoft to increase Apache compatibility with .NET web development technologies, but he says it's still too early to guess Microsoft's future plans for Apache participation. ... He doesn't anticipate a confrontational response from the developers working on individual Apache projects ... The response of the broader open source software community, however, is harder to predict.' (In related news, MS also intends to participate in the RubySpec project.)"

I read this news yesterday and I was too stunned to reply. I had to go out into the Big Blue Room and do some yard work. Mow the lawn, that kind of thing. Get grounded. Get grass stains on my sandals.

This is exactly the kind of thing that Microsoft needs to start doing if it is going to survive in the post-capitalist economy of FOSS. The changes wrought by FOSS might never have much bearing on the general economy, but they have profoundly changed the economics of information technology. These changes are

Could it be that they would like to quit supporting IIS? Make Apache do the dirty webserver stuff, but keep all the content creation in a dll or something. Maybe the 100k is for working on Windows API's and such?

That is the only logical conclusion, as nobody just gives money to the competitor. Right?

Exactly! They are tired of hiring you people. It would take just a handful of QA guys and a few Apache on Windows experts to utilize Apache for the webserver work. The community would take care of the rest. Just becuase you are expanding, doesn't mean you are making money, and doesn't mean your safe.

I don't know if they see it as a replacement so much as IIS/Webservers aren't terribly important to their core business model. IIS is a pretty crappy web server in comparison to... ummm... almost everything else. I think it's more important to Microsoft that people are using.net and Windows servers. If they want to use another web server on Windows w/.net, so be it. They'll always offer IIS, but they don't fight IIS replacements tooth and nail like they fight Office replacements.

{{cite needed}}. Not saying it's superior to Apache but having used both I wouldn't call IIS a "crappy web server". Though these days dynamic content is the name of the game so the web server is less important (reduced to more of a front end that passes along the nifty gritty to the PHP/Java/Net/etc back end).

Even media players have built in web servers these days; works with PHP too.

Out of interest, what are your specific problems with IIS that make you suggest it's one of, if not the worst web servers out there?

I much prefer Apache, but there are scenarios where IIS is a better choice, and I don't think IIS is any worse than much else other than Apache to be honest.

It's not the IIS of old anymore, it's nowadays pretty decent. Microsoft have certainly cleaned up their act a lot in terms of security and stability of the likes of IIS/SQL server in recent years. ASP.NET is of course a maj

I'm not so sure... IIS serves as a tie-in to quite a few different (and damned profitable) Microsoft products... starting with Exchange (for OWA), and branching out a couple thousand different directions from there.

And those enterprise products connect to IIS through COM. Which is perhaps what I should have said instead of API.

So as I said, perhaps this is to get Apache working with Windows COM objects so that they can still have Sharepoint creating content in a compiled application, but the stdout is just changed to html and passed to $webserver.

Microsoft may have a different perspective based on their judgement of the enviroment, and whether it's a
Zero-Sum Game or not. [wikipedia.org]

Non Zero-Sum Game = contribute to everyone; grow entire pie; so your own little percentage yields a high profit.
Zero-Sum Game = control hardware, software, and even services; shrink entire pie; so that you own a large piece that yields more profit relative to others' profit.

If you believe contributing to Appache would be good for everyone, and hence good for you, then you su

Not really. They probably just want you to come and buy Windows Server from them even if you decide to use Apache rather than IIS. You'll still get IIS installed with Windows, so if you'll ever be tempted to use any of Microsoft's IIS-specific solutions, the platform is already there.

Oh, do feel free. Promises not to sue, just like MS, I give freely. Probably a little less scary when I do it though.

I really did think my meaning was a little more transparent than the mods seemed to think though. Once off topic though, why not explain the joke to death right? First, it should be noted that my assumption is that MS is up to something, some sort of dark magic, which is not clear. Typically when they squash competition, I see the trick, thus the "up his sleeve" or "in his hat" relevance. Sec

Based on Ballmers history, I'd say this is inroads by which to "divide and conquer". So; with the check, what was on the document saying what they wanted in return. Microsoft never gives anything away and usually takes everything it wants?

The word "Partner" usually has the connotation that money has exchanged hands between parties. When ever Microsoft "partners" with governments, communities, organizations and such, is because there is a business relationship in there somewhere that just; wasn't mentioned. If they are using Windows computers, they probably got a sweet deal on them, or they paid full price for them in order to receive "grants" for a program they are running as a non-profit, etc.

So you are saying we should scratch PHP, Ruby, and Pearl off as well because they don't have nearly the penetration or recognition of.Net?

Silverlight 2* is still pretty low-key, but it's in Beta (a real beta, not the "this thing isn't ever going to leave beta" definition that Google likes to use). But I keep hearing more and more bounce back from developers, and the head hunters are starting to pick up on it too. When SL2 is released, it's going to rally up some decent press, and I wouldn't be surprised at

excuse me, but if you say this, i have no option but laughing over it with my ass. i dont know any decent way to put it. youre totally unaware of what the web is built with.

Okay, so it was a slight hyperbole;) The combined presence of VB.Net/C#/ASP.Net and the rest of the.Net language does by most measures, out weigh PHP, Ruby, or Pearl individually in terms of distribution and use. But it's all arm chair statistics anyway, change the metrics and you can easily show any single element out performing any other single element.

The point, hyperbole aside, still stands. Do you feel that if a product is of lesser popularity, it should be forsaken in favor of the market leader?

Okay, so it was a slight hyperbole;) The combined presence of VB.Net/C#/ASP.Net and the rest of the.Net language does by most measures, out weigh PHP, Ruby, or Pearl individually in terms of distribution and use. But it's all arm chair statistics anyway, change the metrics and you can easily show any single element out performing any other single element.

no, they dont.

do you know how many millions of websites use php on shared hosting ? as opposed to asp servers being generally standalone, serving only one site ? this example should by itself be enough to draw a picture. im not even gonna go into what perl means for linux.

The point, hyperbole aside, still stands. Do you feel that if a product is of lesser popularity, it should be forsaken in favor of the market leader?

the popular is decided by the market itself. php did not became popular because some big buck company pushed it through various means. or spent big marketing cash on it.

1. believe me, PHP by itself runs on more webservers and sites than all the.NET languages put together. Probably more than.NET languages and ASP/classic too!

Netcraft stats for PHP [php.net] - over 20 million sites a year ago. According to the same Netcraft survey, IIS itself only runs 20 million sites, so unless *every* IIS site ran ASP (note: these stats are from Aug 2007, so they'd all be classic ASP) PHP would *still* be running on more active sites.There's more stats available [nexen.net] for the current month.

1. believe me, PHP by itself runs on more webservers and sites than all the.NET languages put together. Probably more than.NET languages and ASP/classic too!

As I stated, change the metrics and you can get what ever answer you like. Open the poll to all applications, not just web sites, and.Net (especially if you combine ASP/classic stuff too) pushes even better. Limit it back to Open Source projects, and the MS tools drop significantly. Look at closed source solutions, and MS dominates. Like I said, you can look at any specific segment of the programming world and see a skew.

2. Silverlight is a client-side technology. IIS/apache doesn't come into it. A silverlight discussion would be MS supporting it on Firefox on Linux.

I actually do all of my silverlight development using Firefox.;) But what would be ni

I imagine most things are bigger deals on the Web than DIN 66253-2 [wikipedia.org]. You might have somewhat more credibility on the issue if you correctly spelled the name of Larry Wall's language [wikipedia.org].

Silverlight 2 was actually first, amusingly enough. It was called WPF/E (Windows Presentation Foundation/Everywhere), and was the original design behind silverlight. Since it was still some time before it could be ready, they pushed a gimped version, Silverlight 1, to start and gain mindshare. But MS didn't need to be motivated to make a managed version: it was the -original- intention. (Since XBAP applications, the "full" deal that has been around since.NET 3.0, is Windows only)

Steve Ballmer is either:
1) Trying to appear more "open" (what with all the lawsuits in Europe & the oh-so-enthusiastic reception of OOXML), so they can have more influence in the real standards body.
2) Simply trying that old trick (to pretend suck up to developers) & then turn around & do something else.

Eitherway, its a PR stunt because it's hard to believe Microsoft wants to change its definition of "industry standards" from "something we came up with" to---wait for it---"industry standards".
Unless I'm missing something

Oh no, they're sucking up to developers all right... "hey kids, come and have a play with this cool new toy, yes the Express version is totally free... and you can do so much stuff with it, just look how it does most of it for you, no you don't have to think too hard about your programming, just let the nice IDE suck your bra... um, help you work smarter, not harder. Yes, you'll need to buy more RAM, but its cheap nowadays. Now, look at the nice client tools included too, yes, you can have animated icons on

Apache has sold out. We must fork their code now and abandon their Microsoft-backed versions, no matter what the cost. Look at what Microsoft did to Novell and openSUSE - the same thing is going to happen to Apache.
Tell everyone you know to stop using Microsoft-backed products. Friends don't let friends use Apache.

He believes that this move is based on a legitimate desire by Microsoft to foster collaborative development of Apache technologies that implement Microsoft standards.

If that's true, then we have a grave situation. M$ can make apache compatible with M$'s home-grown standards and then claim that the standards themselves are open standards. Since the percentage of IT people who mistake an open-source implementation as an open standard is almost 100%, M$ can even be very successful at this. Since the standards themselves are not open, all web servers, except Apache and M$-IIS, will soon die out. Finally M$ withdraws support for Apache and thus giving it a final bl

The trouble with that is, if they make Apache fully compatible with the rest of their stack, they would have to break compatibility between IIS and the rest of their software in order to break compatibility with Apache.

Which of course would be a stupid move, you'd just get the current situation where XP does exactly what people want, with no configuration, and Vista is a pain in the ass to switch to. Except this would be a matter of not wanting to switch from MS's next server release to a hypothetical rele

I really wouldn't mind having better ASP support on Apache (that doesn't hurt anyone), but this talk about "interoperability" between Microsoft and the ASF just brings back into my memory what happened to Novell.

The Apache Software Foundation/HAS/ (triple emphasis!) to keep their usual levels of strictness when it comes to outside contributors, specially Microsoft in this case.

I hope they don't let their guard down. I'm quite concerned, honestly. I do have some hope that the ASF will handle this prop

When I heard about this at OSCON, I had the same disbelief as anyone on slashdot. But then I thought.. what if it's true? What if MSFT isn't going to fold up and die a relic of the days of propriatry software? I wanted to see that, and I'm sure I'm not alone. But they have new management and can see how the software world is shifting just like everyone else. The "enemy" might be infected with "good", and we might get a powerful new ally instead of a vanquished foe. (What if this happend to the MPAA?)

Neither KDE nor GNOME is a windowing system. However, they are platforms -- and platforms are platforms, so to speak. I could just as easily have said Java vs.NET or something, and I suppose I probably should have -- except its too popular on slashdot to hate both.

Well to use an analogy, if Apache and IIS were car companies, one is manufacturing cars that get 200 MPG, with keyless entry security systems that are highly customizable and can be purchased for $10. The other company makes a car that runs on baby kittens, can be hijacked everytime you go under 30 MPH (and whose top speed is 35 MPH) and can be purchased for $100,000.

I wasn't aware of the February vulnerability, but the 2006 vulnerability is not a flaw in IIS, it's a flaw in ASP which is exposed via IIS (because that's really the only way to expose it). It would be like a flaw in mod_perl or something being attributed to IIS. In addition, ASP is not enabled by default, so it's a less critical flaw.

The February vulnerability appears more serious, however, it's still mitigated by the fact that the attacker can only execute code as the worker process, which severely limi

I think your research must be extremely selective because their have been several from various vendors and several that they don't acknowledge. And Apache hasn't had CRITICAL vulnerabilities while IIS has. And their patch time is averages about 1 week whereas IIS averages 6 months.

"allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules."

That seems critical to me. Also, while a patch may appear in CVS/SVN within a week, it typically doesn't make it out to the distro users for several weeks afterwards. For instance, this flaw was published on July 6th, but it didn't make it to (for exampl

There is a difference between critical security vulnerabilities, and critical security vulnerabilities made public.

Now for another car analogy:Suppose I drive by you at 30mph and throw an egg at your face. This egg represents apache. Now, because it splatters open all over your face, you are not yet dead, and you realise something has happened. Now suppose I do a U-turn and come back the other way as you're running up the street yelling at me. This time I hurl an equally-sized rock at your face. This rock r

Well to use an analogy, if Apache and IIS were car companies, one is manufacturing cars that get 200 MPG, with keyless entry security systems that are highly customizable and can be purchased for $10. The other company makes a car that runs on baby kittens, can be hijacked everytime you go under 30 MPH (and whose top speed is 35 MPH) and can be purchased for $100,000.

Who do you think deserves the market in this case?

The guy that sold a few thousand copies for $100k each. Considering that the other product w

Some of us put things like customer service and social responsibility above profit.

I can take a pirated copy of Windows XP Pro Corporate and sell it for the same price as my competition sells legitimate XP Pro. But of course, I'd make more profit, as I don't have to buy the product. Does that mean I deserve the market more than the competition? Of course not.

Some of us put things like customer service and social responsibility above profit.

I'll give you social responsibility, but the majority of the time, companies only care about customer service because it's good for business, meaning more profit. Only locally owned and operated stores frequently break that rule.

Some might say that social responsibility is only for good public image, but I have enough faith in humanity to assume that there's a large number of corporations run by good people.

No, no you can't. Not that this negates anything you said but, really... You can't even buy "Windows XP Pro Corporate" and never could. The "corporate" versions got wrapped into the VLK SKUs after (I think) 2k.

Unfortunately you need to read the manual before you even purchase the car, and the car comes in so many body styles, colors and designs - and every option under the sun. You can even throw in a Model T engine and have it run great.

The car that runs on baby kittens on the otherhand, comes with far fewer options, and these options are all kinda similar (different engine sizes and three or four colors) - but the support is great, everyone has one (so if you don't know something about it, your neighbor might)

Well that is true in a world of closed source code but not in the open source world where security reviewers and amateurs are always looking at your code. When the whole world has access to your code all the time, you always have to be improving it and working on it.

When it is closed (such as IE was) you can sit on it and not develop for years. Keeping things open causes more people to force you to stay on your game or else they will eventually fork it. Thats kind of what happened with Mozilla and Firefo

I sure as hell hope not, I cannot begin to list all the advantages of running IIS+.NET on Server 2003 over [insert language] and mod_whatever on Apache. Having to muck around with httpd.conf and chmod wouldn't exactly be an improvement over their current stack, especially for intra-corp applications.

(I realize the above paragraph might hurt some fanboys - sorry. You can have your platform, I recognize its strengths. Just leave mine alone)

This is probably part of Microsoft's push to make things like PHP and Ruby work better on Windows. After all, they'd rather you run WAMP than LAMP. They've been engaged with Zend on the FastGCI implementation for IIS that makes PHP so much better on Windows. I don't think they see IIS as some sacred cow to be protected. Again, as long as you're running everything on Windows Server =)

A lot of us like permissions better than "Read, Write, Execute". Also, ACLs without dynamic inheritance are a nightmare waiting to happen. And lastly, userspace support for ACLs is still woeful on *nix - while getfacl/setfacl work well enough, GUI support is poor, archiver support is thin at best and many end-user apps still think it's OK to meddle with your permissions and inevitably screw it up because they only copy your permissions, not your ACLs (this happens more than you might expect, even word pro

Having to muck around with httpd.conf and chmod wouldn't exactly be an improvement over their current stack, especially for intra-corp applications.

Where I work, both approaches are used.

The difference I've seen in the 10+ years since we've had web-based applications in the intranet is that with Apache you must have an experienced analyst who configures httpd.conf once, then the system runs forever. With IIS you must have someone with much less experience, who's always doing this or that to keep the system

A better sponsorship would be to quit developing IIS and focus all of its development staff on Apache for Windows,

NOOOOOO!!!!In general I dislike most of Microsoft's technologies. First they make MFC. Code usually looks like someone threw up on the monitor. Then they go and get the same guy that came up with MFC to write C#, which is also horrible. And to top it off, on top of the crap that is C# they pile on things like Forms, WPF, and 1000s of other things that are all hideous.

No company in history has made uglier looking API's. The nice thing about open source is that if you don't like some API, there is a goo

Uhh.. you really have no idea what you're talking about. First, MFC is a library, C# is a language. Second, C# was developed by Anders Hjelberg, who Microsoft hired away from Borland. He's the guy that basically wrote Delphi. And no, he did not create MFC.

Well at least the "threw up on the monitor" part was right. I actually really loved MFC when I first was using it, but as time went on I really wished that I had the time to re-do it in some way that read better.

Wasn't a massive fan of MFC either if I'm honest but C#? What's wrong with it exactly? combined with the.NET framework it's like Java done right.

If you only have to write for Windows or are happy with the current Mono implementation, C# is one of the best languages out there for application development. It's a modern language, it takes what other older languages did right and fixes many of the things they did wrong.

The.NET framework is easily one of the best frameworks out there also, it's not like stuff